Weakness in Tenda 4G03 Pro Cryptographic Key Management
CVE-2026-5527

6.9MEDIUM

Key Information:

Vendor

Tenda
Status
4g03 Pro
Vendor
CVE Published:
4 April 2026

What is CVE-2026-5527?

A vulnerability has been identified in the Tenda 4G03 Pro, specifically within its handling of ECDSA P-256 private keys located in the /etc/www/pem/server.key file. This security flaw involves the use of a hard-coded cryptographic key, resulting in the potential for unauthorized access or remote exploitation. Due to its remote accessibility, attackers could leverage this weakness to compromise the device, highlighting significant concerns regarding the integrity and security of user data.

Affected Version(s)

4G03 Pro 1.0

4G03 Pro 1.0re

4G03 Pro 01.bin

References

https://vuldb.com/vuln/355280
vdb-entry
https://vuldb.com/vuln/355280/cti
signaturepermissions-required
https://vuldb.com/submit/782053
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CoreNode (VulDB User)
VulDB Vulnerability Moderation Team
.